Apple to Patch Web Browser Vulnerabilities Affecting Recent Macs, iPads and iPhones - MacRumorsOpen MenuShow RoundupsShow Forums menuVisit ForumsOpen Sidebar
Skip to Content

Apple to Patch Web Browser Vulnerabilities Affecting Recent Macs, iPads and iPhones

There are two new speculative execution attacks that impact recent Apple chips, according to data shared today by Georgia Tech students that discovered the vulnerabilities.

slap flop vulnerabilities
Named SLAP and FLOP, the two security flaws could allow an attacker to use a malicious webpage to spy on the contents of other webpages, giving attackers remote access to browsing history, credit card data, emails, location information, and more. Physical access to a device is not required, and the attack can be executed through a malicious site that bypasses Apple's browser protections.

Several Apple A-series and M-series chips are affected, including the M2 and later and the A15 and later, which are in the following devices:

  • 2022 and later Mac notebooks
  • 2023 and later Mac desktops
  • 2021 and later iPad models
  • 2021 and later iPhones

SLAP and FLOP were disclosed to Apple in May 2024 and September 2024, respectively, and while the attacks have not yet been patched, the researchers who reported the issue were told that Apple plans to address the vulnerabilities in an upcoming security update.

Apple told Bleeping Computer that it has not yet patched the flaws. "We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats," Apple said. "Based on our analysis, we do not believe this issue poses an immediate risk to our users."

SLAP affects Safari, while FLOP affects Safari and Chrome. Other browsers like Firefox could be affected too, but have not been tested. There is no evidence that SLAP and FLOP have been executed in the wild.

Details on how SLAP and FLOP work can be found on the website dedicated to explaining the vulnerabilities.

Popular Stories

iCloud iPhone 17 Pro

iPhone Users Who Pay for iCloud Storage Get Two New Perks on iOS 27

Thursday July 2, 2026 6:10 am PDT by
If you pay for certain iCloud+ storage plans beyond the 5GB that Apple offers for free, you will receive two more perks on iOS 27 at no additional cost. A summary of the two new iCloud+ perks on iOS 27:Increased daily usage limits for some new Apple Intelligence features, including image generation in the revamped Image Playground app. HomeKit Secure Video cameras receive generated video...
iPhone 4 on Black Feature

Apple Facing One of Its Worst Leaks Since the iPhone 4

Thursday July 2, 2026 9:53 am PDT by
Apple supplier Tata Electronics recently suffered a cyberattack that resulted in thousands of confidential files being published on the dark web, and this reportedly included some photos and documents related to the upcoming iPhone 18 Pro. We have elected not to share any of the leaked photos in this story due to the illegal nature in which they were obtained, but they can easily be found...
Apple Event Logo

Apple Just Released a New Product

Thursday July 2, 2026 8:04 am PDT by
Apple's first product release of summer 2026 occurred this week, but do not get too excited, as it is merely the Beats Solo Buds in a new color. Beats Solo Buds are now offered in orange through Best Buy in the U.S., with availability set to expand to 7-Eleven stores in Japan on July 4. Apple already offered orange Solo Buds in India for free with the purchase of an iPhone 15 or iPhone 15 ...

Top Rated Comments

awer25 Avatar
19 months ago
Help us Genmoji, you're our only hope!
Score: 29 Votes (Like | Disagree)
canadianreader Avatar
19 months ago

Apple told Bleeping Computer ('https://www.bleepingcomputer.com/news/security/new-apple-cpu-side-channel-attack-steals-data-from-browsers/') that it has not yet patched the flaws. "We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats," Apple said. "Based on our analysis, we do not believe this issue poses an immediate risk to our users."
They're too busy fixing Apple Intelligence.
Score: 24 Votes (Like | Disagree)
centauratlas Avatar
19 months ago
"we do not believe this issue poses an immediate risk to our users." That may have been true but now that it was published in the two papers that Bleeping links to I would suspect that would change. Apple should have patched these. Reminds me of Meltdown and Spectre.
Score: 22 Votes (Like | Disagree)
Apple Knowledge Navigator Avatar
19 months ago
Have they patched the other FLOP?
Think it’s called Apple Intelligence.
Score: 20 Votes (Like | Disagree)
DeftwillP Avatar
19 months ago
It's ok guy, siri's got this.

"hey siri, load the patch from apple for the newest exploit"
"I couldn't find that person in your contacts"
Score: 20 Votes (Like | Disagree)
Razorpit Avatar
19 months ago

They're too busy fixing Apple Intelligence.
Maybe we can have Apple Intelligence write a patch! What could go wrong? 😁
Score: 12 Votes (Like | Disagree)